Skip main navigation

Best Practices for Unusual Emails

In this video, you will learn about best practices for ensuring secure email communication.
In this video, we’re going to go over some best practises for unusual emails. So first and foremost, chances are you’re probably getting a lot of unusual emails from time to time, things like phishing attacks, spear fishing attacks, scams, and whatnot. But the most important thing is, don’t panic. We’re going to get through this together. So the first thing we want to take a look at is the actual send-to from address. So in this example, I have a couple of different emails in here. So the first one in here we see, it’s from Bill Gates. And if you initially take a look at it, it says However, we see this other addition to it. It says via, rather.
So what this means is, this is a redirect. So if you just take a quick look, you’ll see the And for some people, they’ll just stop there. They’ll assume that, well, it’s from Microsoft and it’s from Bill Gates. But what it’s really doing is this web address here, this, this is the real email address it’s coming from. And the MSN address is the one it’s spoofing. So we need to be very careful about that. If we see anything that’s using a redirect, that should be a red flag right there. You should be very careful about the contents of that email. Now next up I have Microsoft licence expired. Now in this one here, it says Microsoft Support Team.
So in some phishing tests I’ve done, I actually use this one. And it worked pretty well. So the way this one works is, when you get the email that says Microsoft Support Team, and people tend to freak out, especially the way it’s crafted it says your licence expired, to contact us, get help in the app, contact support. And the bottom part there, the contact, Get Help app in Windows 10, that’s actually a real email from Microsoft. So I use part of a real Microsoft email to spoof that. Now, a lot of scammers will actually do the same tactic. They’ll actually use some of the real information there to actually make it look more legitimate.
But in here, what we want to do is we want to look at this
So this one I’m not even spoofing the email address. I actually just took the name Microsoft Support. And sometimes people stop there. They don’t look at where the real email’s coming from. Now you always want to check where the emails coming from. You want to see what their source address is. In this case, it’s And you also want to see if it’s being a redirect. In this case, it’s the srv62. Now, Microsoft has their own email server. So they’re not going to use a Yahoo email address. So that should be a flag right there as to, you should never open that type of email or open any files in there. So this is another one.
This is a PayPal one. And it says, Reminder– your PayPal web on Microsoft Edge. Here’s your receipt. It’s trying to make me believe that I actually bought something. Now the problem with this one is, if we look up in here, it says it’s emailed to me and 89 other people. Now, if a company is going to email you about something specific for you, something like, well, hey, you bought something, here’s your receipt, they’re not going to put anyone else on the email, especially 89 other people. So that should be a flag right there that this is not a legitimate email.
And if I go in here, I take a look at the web address, I’ll be able to tell, then, well, it’s not a PayPal email either. So you want to take a look at that, too. Again, if a company is going to email you, it’s going to be directly to you. They’re not going to put other email addresses on there.
So let’s take a look at this one. So this, I have here a totally legitimate link. So it looks like it says And if we look down in the corner here, right down in here, we can see it actually goes through Now firstly, don’t go to that URL. I have no idea where that goes. That was only for demonstration purposes. So this is called a link cover. So what I’m doing here is, if someone sends you a link, don’t click on the link. You could simply hover over the link and look down in the corner and see where it’s actually going. That way, you can see if it’s safe or not. In this case, it’s not safe.
Even though it looks like it’s going to, it’s really going to Again, don’t go there, demonstration. But again, it shows you that this is why you don’t click on the link. Even if you’re reading the URL, that’s not necessarily where it’s going to. So again, just hover over the link, look in the corner, and you can see where it’s going. Another tactic you do is you right-click and copy and paste it into Notepad, or any other editor, and see where that link goes.

In this video, you will learn about best practices for ensuring secure email communication.

Here are some tips to take forward:

  • check the sender’s email address – does it make sense?
  • verify email communication with the sender – you can call them or send a new email directly to them
  • if a link is attached, hover over the link to see where it wants to take you but do not select it
  • try not to panic – take some time to think about how you can address the communication effectively and safely
  • call the company who has contacted you or the IT department
  • report the incident to a company fraud department
  • place these emails in your spam folder
This article is from the free online

Cyber Security Foundations: Why Cyber Security is Important

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now